The popularity of JSON Web Tokens (JWTs) in modern authentication systems has made them a frequent source of security risk, and any implementation that accepts them needs to be audited for the known classes of vulnerability.
The blog walks through the pentesting lifecycle of a typical JWT, from research to exploit, in a hands-on style that starts at beginner level and works up to advanced techniques.
JWTs are made up of a header, payload, and signature and can be found in HTTP authorization headers, cookies or URL parameters and can be decoded using sites such as jwt.io.
The article covers five common exploitation techniques, including alg: none, brute-forcing HMAC secrets, algorithm confusion, weak claims and no expiry, and KID header injection.
Finally, the blog post offers mitigation techniques that developers can apply to avoid these common misconfigurations.
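The following is an added example, not code from the blog post: a minimal HS256 verifier written from the defender's side, where each check corresponds to one of the five issue classes listed above (pinned algorithm against alg:none and algorithm confusion, allowlisted kid against header injection, constant-time signature comparison, and a mandatory exp claim). The key table and secret are constructed placeholders; a real deployment would load strong keys from a key store.

```python
import base64, hashlib, hmac, json

KEYS = {"k1": b"constructed-demo-secret-not-for-production"}  # constructed: kid -> HMAC secret
ALLOWED_ALG = "HS256"  # pinned server-side; the token's own header never chooses it

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint(payload, kid):
    # Issue a token the way a well-behaved server would (used here to build sample input).
    header = {"alg": ALLOWED_ALG, "typ": "JWT", "kid": kid}
    signing_input = ".".join(b64url_encode(json.dumps(x, separators=(",", ":")).encode()) for x in (header, payload))
    sig = hmac.new(KEYS[kid], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify(token, now):
    """Return the claims or raise ValueError; each check closes one of the five issues."""
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(b64url_decode(h_b64))
        payload = json.loads(b64url_decode(p_b64))
        sig = b64url_decode(s_b64)
    except ValueError as e:  # wrong segment count, bad base64url or bad JSON
        raise ValueError("malformed token") from e
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise ValueError("malformed token")
    # alg:none and algorithm confusion: reject anything but the pinned algorithm.
    if header.get("alg") != ALLOWED_ALG:
        raise ValueError("unexpected alg")
    # kid injection: kid is only an allowlist lookup, never a file path or query fragment.
    kid = header.get("kid")
    if not isinstance(kid, str) or kid not in KEYS:
        raise ValueError("unknown kid")
    # Brute-forcing HMAC secrets is a key-strength issue; the verifier's part is a constant-time compare.
    expected = hmac.new(KEYS[kid], f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    # Weak claims / no expiry: exp is mandatory and must still be in the future.
    exp = payload.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("missing or expired exp")
    return payload

def check(token, now):
    # Wrapper returning "ok" or the rejection reason, convenient for logging and tests.
    try:
        verify(token, now)
        return "ok"
    except ValueError as e:
        return str(e)
```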